Internet Nightmares

Who would have believed that phishing was already haunting the world more than ten years ago, and that its attacks are not as new as many think? The methods have evolved, crackers lease networks for their scams, and some users remain naïve.

by Ana María Restrepo


The term phishing was first mentioned in January 1996 in connection with scams that occurred on AOL. The term, which comes from the English word fishing, was adopted by crackers who tried to obtain users' account data through lures that were sophisticated and little used at the time. There are also those who claim that phishing comes from the contraction of "password harvesting fishing".

In 1995, AOL discovered a scam carried out by a cracker who posed as a company employee and sent a user a seemingly trustworthy instant message, so that the victim would send his password and the criminal would gain access to the client's account. In response, the company added a line to its instant messaging system warning users that no AOL worker would ask for their password or billing information; it also developed a system that allowed an account involved in phishing to be automatically deactivated before the customer responded to the message.

This type of scam, designed specifically to steal identities, has grown worldwide since 2002 because of the high number of Internet users and the importance that the network of networks has acquired in the last 10 years, and because a high number of people carry out most of their commercial and financial activities over the Internet, not to mention the rise of Web 2.0 and its disadvantages with regard to this fraud.

Quick and easy theft

As such, this crime consists of obtaining information such as credit or debit card numbers, passwords, bank account information or personal information of users through emails or pop-ups.

The cracker sends fake messages that appear to come from recognized organizations such as a bank or credit card company. Usually the email warns of a failure in the security systems or of the need to update personal data. Trusting people typically respond to these requests with their credit card numbers, passwords, account information or other personal data. The email takes the user to a fake website, a page that looks identical to that of the financial institution, where he enters his data or password and sends it. At that moment the page fails and redirects him to the real page, but by then the criminal already has the information he wanted and will use it to make purchases, request a new credit card or steal the victim's identity.

Juan Carlos Álvarez, general manager of Interlan, a network and systems engineering company in Colombia, explains that this fake page is usually hosted on a free server, anywhere in the world, and especially in countries where legislation on the matter is not very strong.

Álvarez also says that hackers' motivations have changed: they have gone from having fun and seeking recognition among their friends to chasing money or credit card numbers that they can sell on the black market. Many of these numbers are obtained in different ways, not only by phishing. They also come from information leaks at financial companies, or at companies that handle credit cards through authorization networks in department stores whose cash registers use wireless systems, which can be exploited and the numbers sold on this dark market.

In the same way, hackers are acting with other criminal networks such as trafficking in women, pornography, piracy of software and music. "For example, a pornographic page has pieces of malicious code that intercept the browser and the browser, contaminate it with keyloggers which record everything you type and send it to sites where they capture the information, among which are the personal keys; or they also contaminate the browser so that you always go to visit a page and on that page there are always counters that give you money," says Álvarez.

Threat Group

We could say that cybercrime has become organized crime, in which not just one type of scam is used: multiple network threats combine to give phishing its shape and let it operate.

Phishing usually arrives through spam: a spammer is paid to send large volumes of email indiscriminately, and it is impossible to detect where the attacks come from, since there are machines around the world specialized in sending spam. There are also worms that infect home computers so that they send large amounts of spam; in this way a network of bots is formed that is under the control of a cracker. As a curious fact, Juan Carlos commented that these bot networks are rented: the phishers lease the network, send their attacks, capture the information they need and then change networks.

According to data from Kaspersky Labs' 2007 report published in PCWorld, phishing is no longer the only threat used to make money; malware is now programmed for the same purpose. In addition, there are other attack methods that put the stability of computers at risk: there are zombie machines, denial-of-service (DDoS) attacks against websites, viruses spread through every existing channel (blogs, RSS headlines, Web 2.0, email, instant messaging), and bank information stolen by means of Trojan horses.

One of the most imminent and most developed dangers of last year, and arguably the one that most helps distribute and execute all cyber threats, is the network of software robots, or botnet, which infects a large number of computers so that they can be controlled remotely through IRC (Internet Relay Chat, a text-based communication protocol classified as instant messaging).

But these threats are not limited to PCs. Mobile devices are also victims of these dangers, and the more sophisticated they are, the more readily they reproduce these problems. Álvarez explains that devices such as USB sticks and digital cameras, as well as those with wireless and Bluetooth capabilities, are the main source of information leaks that compromise a company's confidentiality, in addition to transmitting infections.

In December 2007 a new phishing attack was discovered that modifies the DNS settings of some models of ADSL routers. This attack, launched through spam, is not detected by any antivirus and therefore leads users to a fake website even when they enter the correct address of their bank in the browser. On clicking the link, users see a Flash presentation on the page, which modifies the configuration of their Internet connection router.

Another technique of this scam, according to ABC.es, is carried out through the Google Calendar service, where a false message arrives promising the collection of an inheritance using this service. The crackers attract attention with an offer that is hard to refuse, ask the user to contact them and provide bank details to make the transaction, and thus gain access to the Internet user's account and steal their money.

Messenger name and password thefts have also occurred on web pages such as quienteadmite.com and noadmitido.com where MSN users see who has blocked them from their contact list.

Attacks for everyone

This social engineering technique and the other virtual threats do not occur only in the United States, Europe or Asia; in Latin America these cases have also appeared on a large scale.

Last November there were 7,833 incidents worldwide: 62 percent were against U.S. banks and 12 percent against banks in the United Kingdom; Italy accounted for six percent, followed by Australia and Canada with four percent each; fifth place was shared by Colombia, Spain and South Africa with three percent, and Mexico and Peru were in sixth place with one percent. Most of the attacks also came from networks hosted in the United States, China, Germany, France, the United Kingdom, South Korea, the Netherlands, Hong Kong, Singapore and Spain.

According to the Symantec report, the financial sector continues to be the favorite of phishers, accounting for 80% of attacks, although the report also shows a decrease in the total number of web pages used for phishing: the company, a provider of software, devices and computer security services, identified 17,471 of these sites, a decrease of 1.8 percent in February 2008 from the previous month. Incidents were also down 12.57 percent compared with January.

The report also highlights that the official language of this type of scam is English, followed by Italian, French and German, although 2,641 phishing sites have been discovered in languages other than English, representing a growth of 9.49 percent compared to January 2008.

What's next for 2008

For this year the predictions are not encouraging. According to the 2007 threat report published by Trend Micro, malicious code will continue to attack operating systems and vulnerabilities in popular applications in order to breach the security of computers to steal information.

Websites such as social media, banking services, online games, search engines, news, blogs, and auction or employment sites will continue to be used by crackers to host links to phishing sites.

Similarly, portable or unmanaged storage devices such as smartphones, MP3 players, game consoles, memory devices and digital cameras, among others, will continue to allow malicious code to cross a company's security borders. Public hotspots such as Internet cafes, coffee shops, bookstores and hotel and airport lobbies will continue to be distribution points for malware or attack vectors used by malicious entities. Communication services such as email, instant messaging and file sharing will also be exploited by threats such as spam, malicious URLs and attachments with social engineering themes that victims accept while criminals carry out their actions.

BOX

How to protect yourself from phishing?

Juan Carlos Álvarez, like the experts, believes that both companies and users should protect themselves from virtual threats, especially phishing, with email defense tools and new technologies that analyze the address you are trying to access so that you do not enter a malicious site, as well as by keeping antivirus software up to date, educating the end user, running a well-managed network and controlling removable devices.

Panda Labs also recommends the following procedures to protect yourself from phishing:

* Never respond to requests for personal information via email: Companies never ask for passwords, credit card numbers, or other personal information by mail. If you receive a message asking for this type of information, do not respond. If you think the message is legitimate, please contact the company by phone or through their website to confirm the information received.
* To visit websites, enter the URL in the address bar: If you suspect the legitimacy of an email message from your credit card company, bank or electronic payment service, do not follow the links that claim to take you to the website from which the message was sent. These links can lead you to a fake site that will send all the information entered to the scammer who created it. Always type the address of the entity yourself, because even when an address is shown in the address bar, hackers know many ways to display a false URL there.
* Make sure the website uses encryption: Before entering any type of personal information, check whether the website uses encryption to transmit it. In Internet Explorer you can check this with the yellow padlock icon (if it is closed, the site uses encryption); double-click the lock icon to view the site's security certificate. The name that appears after "Issued to" must match that of the site you are on. If the name is different, you may be on a fake site. If you are unsure of the legitimacy of a certificate, do not enter any personal information. Be prudent and leave the website.
* Check your bank and credit card balances frequently
* Report possible crimes related to your personal information to the competent authorities: immediately inform the affected company and provide details of the scammer, such as the messages received. If you believe that your personal information has been stolen or compromised, you should also report it to the FTC (Federal Trade Commission).

BOX
Variants and modalities of phishing

Most phishing methods use social engineering to accomplish their mission. There are some variants of this type of scam such as:
* Smishing: relies on SMS text messages that aim to deceive mobile phone users into giving up private information, or that push false online subscriptions and job offers on websites, and then introduce spyware or malware without the user's consent.
* Vishing: consists of sending an email through which criminals obtain bank details by means of a toll-free telephone number, on which a professional-sounding computerized voice requires victims to confirm their bank account, asking for the account number, card, PIN, etc.

There are also different types of "phishing" attacks, such as those published by Ubilibet (Consultants in The Information Society):

* Deceptive Phishing: it is the most common modality. It consists of sending a deceptive email in which a trusted company or institution is impersonated.
* Malware-Based Phishing: refers to the variant of the crime that involves the execution of malicious software on the computer, but the user must perform some action that allows the execution of the malware.
* Keyloggers and screenloggers: they are a particular variety of malware. Keyloggers are programs that record keystrokes when the machine on which they are installed accesses a registered website. The data is recorded by the program and sent to the offender over the Internet. Screenloggers have the same function, but they capture images from the screen.
* Session Hacking: describes the attack that occurs once the user has accessed a website registered by the software. These programs are usually disguised as a component of the browser itself.
* Web Trojans: are programs that appear in the form of pop-ups on the validation screens of legitimate web pages. The user believes that he is entering his data into the real web, while he is doing so in the malicious software.
* System Reconfiguration Attacks: this attack is carried out by modifying the configuration parameters of the user's computer, for example by modifying the domain name system.
* Data Theft: these are malicious codes that look for confidential information stored inside the machine on which they are installed.
* DNS-Based Phishing ("pharming"): this crime is based on interference in the process of searching for a domain name, that is, fraudulently modifying the resolution of the domain name by sending the user to a different IP address.
* Hosts File Poisoning: is another way to carry out pharming. In this case, the transformation is carried out using the hosts file hosted on the DNS servers.
* Content-Injection Phishing: this modality consists of introducing fraudulent content within a legitimate website.
* Man-in-the-Middle Phishing: in this case, the criminal is positioned between the user's computer and the server, being able to filter, read and modify information.
* Search Engine Phishing: phishers create search engines and web pages that offer programs or services.

Author: Julián Arcila Restrepo
Chief Marketer
Communications professional, MBA, specialized in designing and executing successful Public Relations and Digital Marketing campaigns with more than 14 years of experience in areas related to communications.
